Troj/StartPa-GB

Category: Viruses and Spyware
Type: Trojan
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/StartPa-GB is a Windows Trojan which alters default Internet Explorer settings.

Troj/StartPa-GB sets the following registry entries to run automatically on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
PayTime
C:\WINDOWS\System32\paytime.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PayTime
C:\WINDOWS\System32\paytime.exe

Troj/StartPa-GB changes browser settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main
Default_Page_URL
http://81.222.131.49/index.php

HKCU\Software\Microsoft\Internet Explorer\Main
Local Page
http://81.222.131.49/index.php

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
http://81.222.131.49/index.php

HKLM\Software\Microsoft\Internet Explorer\Main
Default_Page_URL
http://81.222.131.49/index.php

HKLM\Software\Microsoft\Internet Explorer\Main
Local Page
http://81.222.131.49/index.php

HKLM\Software\Microsoft\Internet Explorer\Main
Start Page
http://81.222.131.49/index.php

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy